Glad to know that ESET has ethics and won’t help governments to spy on the people. Good job!

Igor

Sorry, but how should we trust those statements?

You are located in the US. Companies like Google and Facebook are also located in the US. Both companies denied any government access in public. The international press showed us more than once that this is wrong.
Also, in the US, when you receive a “security letter”, you are *forced* by law to do whatever they want you to do (you know, terrorists are everywhere and everything is against terrorists…). And you are also not allowed to talk about.
So why on earth should we trust any statement like that?
Face it:
You (and any other antivirus company) are technically able to deliver a ‘special’ (manipulated) virus definition only to those customers you want to. So for example, if I (the government) had a target using your protection, I can force you to deliver something special to just this customer. This *is* technically possible!
Because you could filter based on license information who will receive these “special” updates, nobody else will ever notice.
Your letter is wasted time, sorry.
To be clear: I may trust you (Eset) not to do such things. But if the “law” will force you, you (as a company) will… that’s the world we live in.

Stephen Cobb

Thank you for your comments Igor. Here are some answers to your questions:

> Sorry, but how should we trust those statements?

Trust is hard to quantify. Around 100 million people in 180 countries trust ESET to do its very best to protect their information. ESET is dedicated to maintaining that trust.

It bears remembering that it is not our actions, but the actions of governments that have brought this mistrust of our companies.

There have been many incidences where we have detected government sponsored malware, and none where we have knowingly not detected it.

> You are located in the US. Companies like Google and Facebook are also located in the US.

As we stated, ESET is a global organization, headquartered in the EU, with research organizations in multiple parts of the world, and our virus-detection decisions are not made in the any single jurisdiction.

> Also, in the US, when you receive a “security letter”, you are *forced* by law to do whatever they want you to do (you know, terrorists are everywhere and everything is against terrorists…). And you are also not allowed to talk about.

See above. ESET’s headquarters, where any legal challenge would need to be sent, are not in the US. But in any case; all such orders are challengeable via the legal system and in court.

Again, since we have our offices in many countries of the world including the US, and we have several malware labs in several different countries, as well as update servers in several different countries, it is very unlikely that there is any legal way one particular government can force us not to detect a particular threat.

> So for example, if I (the government) had a target using your protection, I can force you to deliver something special to just this customer. This *is* technically possible!

Many things are technically possible but never happen, and are extremely unlikely to happen. As we stated in our letter, ESET has never been asked to do anything like this, it would not make sense anyway, see above.

> Your letter is wasted time, sorry.

We’re sorry you feel that way, but I can assure you in ESET offices around the world and in the wider industry, people remain hard at work protecting the data and systems of all of our customers from intruders and bad actors of all kinds and we take the responsibility incredibly seriously.

We try to operate as transparently as possible, and this is why we wrote the letter in response to the questions asked.